General

  • Target

    fde11e6f4e911647593850de2ddc4b747eee070999f8031101d02bf4cb2364ef

  • Size

    297KB

  • Sample

    230206-rxwv8shf51

  • MD5

    af2b8f5ab74b832d8afdeb31bbbedf7a

  • SHA1

    843c977f2763e00215798252df9d72e705be2049

  • SHA256

    fde11e6f4e911647593850de2ddc4b747eee070999f8031101d02bf4cb2364ef

  • SHA512

    d01f8c2d03e4ea2db7e4c308e45e99cdabddae25a4260d685d00c57fd515b6a011683cdb6ef9beb7ab3c5997d2aead36dbff0d0cda1dec141e95b12b0b345ce1

  • SSDEEP

    6144:nYa6cjfjA7IUkIDhzdQoz9FDJuWYtfX5Nyu6YtSXiOJF:nYYfSxkDcuWwHdsn

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

rs11

Decoy

brigtsidefinancial.com

kotteri-mannish.com

black-iron-fences-bros.com

fnixo.com

gondes.net

cutleryknives-store.com

cabledahmercadillacvip.com

redstaing.com

cateri.africa

cgadminservices.com

wilwin.net

moteru40.net

floraandfate.com

aram-eyes.com

bcrazy55.com

courierpay.buzz

discovervielven.com

mymansshirt.com

junglesmp.online

classic-workshop.com

Targets

    • Target

      fde11e6f4e911647593850de2ddc4b747eee070999f8031101d02bf4cb2364ef

    • Size

      297KB

    • MD5

      af2b8f5ab74b832d8afdeb31bbbedf7a

    • SHA1

      843c977f2763e00215798252df9d72e705be2049

    • SHA256

      fde11e6f4e911647593850de2ddc4b747eee070999f8031101d02bf4cb2364ef

    • SHA512

      d01f8c2d03e4ea2db7e4c308e45e99cdabddae25a4260d685d00c57fd515b6a011683cdb6ef9beb7ab3c5997d2aead36dbff0d0cda1dec141e95b12b0b345ce1

    • SSDEEP

      6144:nYa6cjfjA7IUkIDhzdQoz9FDJuWYtfX5Nyu6YtSXiOJF:nYYfSxkDcuWwHdsn

    • Formbook

      Formbook is a data stealing malware which is capable of stealing data.

    • Formbook payload

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks